The present invention relates generally to the field of content communication and more specifically to a system for communicating video content on demand through a communication network.
Conventional systems for delivering video content on demand to subscribers are becoming well known. VOD (video on demand) is an interactive service in which content (e.g., video) is delivered to a subscriber over a point-to-multipoint network (e.g., a cable system) on an on-demand basis. A subscriber may order and receive programming content at any time, without adhering to a pre-defined showing schedule. The subscriber is often provided VCR-like motion control functions, such as pause (freeze frame), slow motion, scan forward, and slow backward. The subscriber is typically allowed multiple viewing of a purchased program within a time window, e.g., 24 hours. VOD mimics (or exceeds) the level of control and convenience of rental video tapes. For a VOD service to prevent unauthorized access, the system implementing it provides some form of conditional access.
Conditional Access
The system implementing VOD provides the capability to limit content access to authorized subscribers only, as the contents delivered as part of the service are generally considered valuable intellectual properties by their owners. In cable and satellite television, such capability is known as conditional access. Conditional access requires a trustworthy mechanism for classifying subscribers into different classes, and an enforcement mechanism for denying access to unauthorized subscribers. Encryption is typically the mechanism used to deny unauthorized access to content (as opposed to carrier signal).
Tiering of Services
To distinguish between authorized and unauthorized subscribers, and between different levels of authorization, a concept of class of services is employed. A “tier” in conventional cable or satellite TV terminology, is a class of services. It can also be viewed as a unit of authorization, or an access privilege that can be granted, revoked, or otherwise managed.
Key Management
In a system that employs encryption, key management refers to all aspects of the handling of cryptographic keys, including their generation, distribution, renewal, expiration, and destruction. The goal of key management to make sure that all parties can obtain exactly the cryptographic keys to which are authorized under an access control policy. Access control is effected by careful control over the distribution of keys. In a conditional access system for cable systems, conditional access is implemented with the use of two classes of control messages: entitlement control messages (ECMs) and entitlement management messages (EMMs).
Entitlement Management Messages
EMMs are control messages that convey access privileges to subscriber terminals. Unlike ECMs (entitlement control messages) which are embedded in transport multiplexes and are broadcast to multiple subscribers, EMMs are sent unicast-addressed to each subscriber terminal. That is, an EMM is specific to a particular subscriber. In a typical implementation, an EMM contains information about the periodical key, as well as information that allows a subscriber terminal to access an ECM which is later sent. EMMs also defines the tiers for each subscriber. With reference to cable services, for example, a first EMM may allow access to HBO™, ESPN™ and CNN™. A second EMM may allow access to ESPN™, TNN™ and BET™, etc.
Entitlement Control Messages
In a conditional access system, each content stream is associated with a stream of ECM that serves two basic functions: (1) to specify the access requirements for the associated content stream (i.e., what privileges are required for access for particular programs); and (2) to convey the information needed by subscriber terminals to compute the cryptographic key(s), which are needed for content decryption. ECMs are transmitted in-band alongside their associated content streams. Typically, ECMs are cryptographically protected by a “periodical key” which changes periodically, usually on a monthly basis. The periodical key is typically distributed by EMMs prior to the ECMs, as noted above.
Encryption
In a cable system, carrier signals are broadcast to a population of subscriber terminals (also known as set-top boxes). To prevent unauthorized access to service, encryption is often employed. When content is encrypted, it becomes unintelligible to persons or devices that don't possess the proper cryptographic key(s). A fundamental function of a conditional access system is to control the distribution of keys to the population of subscriber terminal, to ensure that each terminal can compute only the keys for the services for which it is authorized. Traditionally, in broadcast services, an encryption device is placed on the signal path before the signal is placed on the distribution network. Thereafter, the encryption device encrypts the signal and its content in real time. This technique is acceptable because a large number of subscribers share the same (relatively small number of) content streams.
Disadvantageously, for VOD, real-time encryption poses much greater cost and space issues. A medium-sized cable system may have, for example, 50,000 subscribers. Using a common estimate of 10% peak simultaneous usage, there can be up to 5000 simultaneous VOD sessions during the peak hours. A typical encryption device can process a small number of transport multiplexes (digital carriers). A relatively large number of real-time encryption devices will be needed to handle the peak usage in the example system. Such a large amount of equipment not only adds significantly to the system cost, but also poses a space requirement challenge.
One solution to the aforementioned problem is disclosed in co-pending related application entitled SYSTEM FOR SECURELY DELIVERING PRE-ENCRYPTED CONTENT ON DEMAND WITH ACCESS CONTROL, U.S. Ser. No. 09/898,184 filed, Jul. 3, 2001, which is hereby incorporated by reference in its entirety. In U.S. Ser. No. 09/898,184, a system is disclosed that encrypts content offline (typically before the content is requested by the user) before it is distributed to point-to-point systems such as cable systems. The system allows content to be encrypted once, at a centralized facility, and to be useable at different point-to-point systems. Advantageously, the pre-encrypted contents in the present invention have indefinite lifetimes. The system periodically performs an operation called ECM retrofitting, enabling the content to be useable in multiple systems and useable multiple times in the same system. The amount of data being processed during ECM retrofitting is very small (on the order of several thousand bytes). There is no need to reprocess the pre-encrypted contents. This is a significant advantage, as several thousand bytes represent only a tiny fraction of the size of a typical 2-hour video program, which can be about 3 gigabytes (3,000,000,000 bytes) in size.
In a first embodiment, the system of U.S. Ser. No. 09/898,184, includes a content preparation system (CPS) containing an off-line encryption system (OLES) for pre-encrypting the content offline to form pre-encrypted content; an encryption renewal system (ERS) for generating entitlement control messages (ECMs) that allow the pre-encrypted content to be decrypt-able for a designated duration; and a conditional access system (CAS) for granting conditional access to receiving units. The ERS, in a first aspect, is connected to the public Internet and is readily accessible to the world wide web, which makes the ERS susceptible to access by unauthorized parties. Since the ERS handles highly sensitive information, it must be protected and secured from unauthorized access.
Regarding the OLES, it must be activated in order to begin encrypting clear content off-line. Activation occurs only after information regarding OLES' users and operating conditions are determined since at manufacture time, there is no indication as to what these conditions are. Further, cryptographic parameters are needed to activate the OLES which parameters must be unique so that information is useable only in the system for which it is intended. Moreover, such information must be remain hidden and be resistant to tampering.
Therefore, there is a need to resolve the aforementioned problems relating to a system for securely delivering pre-encrypted content, and the present invention meets this need.